- UserRole enum: Admin (full), Viewer (read-only), AppUser (minimal)
- can_access() method checks RPC method against role permissions
- Role field on User struct with serde default (backward-compatible)
- Viewer: read system/federation/DWN/identity/backup/container status
- AppUser: system.stats, node.did, container list, password change
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New RPC endpoints:
- analytics.get-status: Check if analytics opted in
- analytics.enable/disable: Toggle opt-in
- analytics.get-snapshot: Anonymous aggregate data (version, app count,
hardware tier, CPU cores, RAM, federation peers)
No personal data: no DIDs, no IPs, no secrets. Strictly opt-in.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New RPC endpoints:
- backup.upload-s3: Upload encrypted backup to any S3-compatible endpoint
- backup.download-s3: Download backup from S3 to local storage
Supports MinIO, Backblaze B2, Wasabi via basic auth + S3 API.
Backups are AES-256-GCM encrypted before upload.
Rate-limited at 3 requests per 10 minutes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Updated i18n.ts with SUPPORTED_LOCALES, setLocale() lazy loading,
localStorage persistence. Added language selector in Settings.vue.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Y2-02: scripts/validate-app-manifest.sh — validates community app
manifests (YAML, required fields, trusted registry, no :latest,
security checks, memory limits)
- Y2-03: neode-ui/src/locales/es.json — Spanish locale stub with
common strings translated, template for other languages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: credentials.json had flat-format test data from old code,
incompatible with current W3C VerifiableCredential struct. Parse error
was hidden by error sanitization.
Fix: cleared old test data. VC flow now works bidirectionally:
- .198: 3/3 issue + 3/3 verify
- .228: issue + verify work (rate-limited during repeated testing)
- Both nodes: list-credentials returns correct counts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both nodes rebooted simultaneously. .228 SSH in 115s, .198 in ~5min.
Both healthy. Federation re-established — 2 peers synced.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Session tokens get invalidated when backend restarts. Moving auth
inside the iteration loop ensures each iteration gets a fresh session.
Also fix grep -c arithmetic syntax error for nostr-provider check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause: sd_notify::notify(true, ...) cleared NOTIFY_SOCKET env var,
so watchdog pings never reached systemd. Backend killed every 60s.
Fixes:
- Change sd_notify::notify first param to false (keep socket)
- Increase WatchdogSec from 60 to 300 (5min) for crash recovery
- Add TimeoutStartSec=300 for slow container startups
- Adjust watchdog ping interval to 120s
This was causing 47 restarts/day on .198 and blocking REBOOT-03,
FLEET-03, FLEET-04, VC-04.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Removed 54 unused/dangling images from .228.
50% total image disk reduction (freed 26.96GB).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix: bash parameter splitting caused {} to break into body JSON.
Changed rpc() to declare params separately.
Removed set -e to allow individual test failures.
FLEET-02: .228 passes 30/30 (3 iterations) — all features validated.
FLEET-03: .198 blocked — backend instability, 15/28 pass.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Simplify DHT encoding: use JSON instead of DNS packets (drop simple-dns)
- Fix mainline crate API: SigningKey takes 32 bytes, get_mutable returns Result
- Add missing dht_did field to IdentityRecord constructor
- Store DID Document as JSON in DHT (DNS encoding deferred)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- DHT Identity card with blue status indicator
- "Publish to DHT" button calls identity.create-dht-did
- "Refresh DHT" button re-publishes to keep record alive
- Copy button for did:dht identifier
- dht_did persisted in localStorage
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- federation.list-nodes now includes vc_verified: bool per node
- True when a non-revoked FederationTrustCredential exists for the peer DID
- Integrates with VC-02's automatic VC issuance on federation join
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Issue W3C VC (type FederationTrustCredential) when joining federation
- Claims: federationPeer=true, establishedAt=timestamp
- Signed with node Ed25519 identity key
- Runs in background task (non-blocking)
- Stored via credentials system for later verification
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add dht_did field to IdentityRecord (optional, serde-compatible)
- Add prefer_dht_did param to identity.issue-credential RPC
- When true and dht_did is set, uses did:dht as VC issuer
- Credential system already format-agnostic for any DID type
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- PERF-01: Move crash recovery to background tokio task so health
endpoint is available immediately on startup
- PERF-04: Add ResponseCache with 5s TTL for system.stats and
federation.list-nodes. Reduces CPU for frequent polling.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Crash recovery (check_for_crash + recover_containers +
start_stopped_containers) now runs in a background tokio task.
The health endpoint is available immediately on startup instead of
blocking for 260+ seconds while containers restart sequentially.
This directly fixes the .198 boot recovery timeout issue where the
backend took 260s to become healthy after restart.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Initial load: 110KB gzipped (index.js). All views code-split.
Total: 312KB gzipped across all chunks. No optimization needed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TAP format, takes target IP + --iterations N
- Checks: health, memory, disk, containers, federation, DWN,
identity, NIP-07, backup create/verify/delete
- Exit 0 = production ready
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add tier: "" to all AppMetadata match arms (was missing from 30+ arms)
- Use std:🧵:available_parallelism() instead of num_cpus crate
- Remove unused num_cpus dependency
- Fix unused variable warning in health_monitor.rs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Show 'core' (orange) and 'recommended' (blue) badges next to app titles
- getAppTier() classifies apps matching backend get_app_tier()
- Global .tier-badge, .tier-badge-core, .tier-badge-recommended CSS classes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
.198 crash recovery takes >120s for 34 containers. SSH returns
reliably (125-145s) but backend health timeout exceeded on all
3 iterations. Needs CONT-02 deployment and/or increased timeout.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
get_app_tier() classifies all apps:
- core: Bitcoin, LND, Electrs, Mempool, BTCPay, DWN, FileBrowser
- recommended: Fedimint, Grafana, Vaultwarden, Kuma, SearXNG, etc.
- optional: everything else
Tier field added to Manifest struct (data_model.rs) and exposed
via WebSocket package data for frontend tier badges.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Per-container RAM/CPU/disk measurements from .228 baseline.
Three app tiers: Core (2.6GB), Recommended (+880MB), Optional (+2-5GB).
Four hardware tiers with cost estimates.
10K user distribution projection.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DEPLOY-02: --canary flag deploys to both then verifies .198 health
DEPLOY-03: Pre-deploy rollback backup (binary + web-ui) to
/opt/archipelago/rollback/. Auto-rollback on post-deploy health failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add swap creation to first-boot-containers.sh
- Size: 50% of RAM (min 2GB, max 8GB)
- Creates /swapfile, adds to /etc/fstab for persistence
- Runs before container creation to prevent OOM during startup
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Shows target, mode, files to sync, build steps, and deploy scope
without executing any changes. Works with --live, --both, etc.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
